Multi-arch builds with provenance for docker-minimal images

PowerDNS · Jun 4, 2024 · fb6beea · fb6beea
1 parent 635faf9
commit fb6beea
Showing 1 changed file with 53 additions and 7 deletions.
diff --git a/.github/workflows/docker-minimal.yml b/.github/workflows/docker-minimal.yml
@@ -8,14 +8,60 @@ on:
 jobs:
   docker_test:
     name: docker_test
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
+    env:
+      # Github.refname is wrong for pull requests - have to use head ref for them
+      MYREF: ${{ github.event.pull_request && github.head_ref || github.ref_name }}
+      PLATFORMS: linux/arm64,linux/amd64
+      DOCKERFILE: Dockerfile.minimal
+      BUILD_CONTEXT: docker/wforce_image
+      BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+      IMAGE_NAME: wforce-minimal
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
           submodules: recursive
-      - run: cd docker/wforce_image && docker buildx build -f Dockerfile.minimal weakforced -t powerdns/wforce-minimal:`git describe --tags` --load
-      - run: cd docker && bash docker_push.sh "powerdns/wforce-minimal"
-        env:
-          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: linux/arm64
+      - name: Set up Docker Buildx for multi-platform builds
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: ${{ env.PLATFORMS }}
+      - name: Login to Docker
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Check for release tag
+        id: release_check
+        run: |
+          if [[ ${{ github.ref }} =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "release=YES" >> $GITHUB_OUTPUT
+          fi
+      - name: Build and push to docker hub for releases with tag
+        id: release_build
+        if: ${{ steps.release_check.outputs.release == 'YES' }}
+        uses: docker/build-push-action@v5
+        with:
+          context: ${{ env.BUILD_CONTEXT }}
+          file: ${{ env.DOCKERFILE }}
+          platforms: ${{ env.PLATFORMS }}
+          push: true
+          sbom: true
+          tags: |
+            ${{ env.DOCKER_ORGANIZATION_NAME }}/${{ env.IMAGE_NAME }}:${{ env.MYREF }}
+      - name: Build and push to docker hub for master branch
+        id: master_build
+        if: ${{ env.BRANCH_NAME == 'master' }}
+        uses: docker/build-push-action@v5
+        with:
+          context: ${{ env.BUILD_CONTEXT }}
+          file: ${{ env.DOCKERFILE }}
+          platforms: ${{ env.PLATFORMS }}
+          push: true
+          sbom: true
+          tags: |
+            ${{ env.DOCKER_ORGANIZATION_NAME }}/${{ env.IMAGE_NAME }}:unstable